VICE PRESIDENT, INFORMATION SECURITY (CISO) – Montreal
Job description
POSITION OVERVIEW
Reporting to the Chief Information Officer (CIO) and a key member of the Information Technology leadership team, the Vice President, Information Security, is responsible for establishing and maintaining the vision, strategy and programs to ensure the adequate protection at all times of the company’s information and technology assets. In particular, the incumbent must manage the team responsible for all aspects of IT-related risks, including those associated with information security: establishing, managing and monitoring the policies and corporate directives as well as the associated processes and procedures intended to ensure the secure and uninterrupted operation of all information processing systems.
More specifically, the incumbent will be required to establish and communicate to BDC the standards, procedures and guidelines to prevent the unauthorized use, release, modification, or destruction of data in any form. In collaboration with various key corporate stakeholders, the CISO must ensure compliance with essential security measures by performing system reviews, monitoring system usage, implementing security procedures and legal requirements and consulting on long-range security planning.
The individual upholds BDC’s cultural standards and demonstrates passion for the organization’s mission, vision and values.
CHALLENGES TO BE MET
Lead a team composed of 7 leaders, approximately 35 qualified professionals, 30 external consultants and third-party firms delivering specific services.
Perform IT internal controls and security assessments; develop information, system and infrastructure security strategies and establish appropriate Policies and Corporate Directives.
Recommend security solutions to assist with the assessment and improvement of networks and security infrastructure and demonstrate a strong expertise of the internal and external IT security landscape, including emerging risks and cybersecurity solutions.
Perform strategic identification and evaluation of security risks, threats and vulnerabilities as well as related intelligence to prevent, protect against or mitigate identified risks.
Understand the System Security Delivery Life Cycle (SSDLC) methodologies and support the various IT teams in incorporating security controls in compliance with security standards into each phase.
Translate business needs and regulatory requirements into risk-appropriate controls to successfully implement an effective security governance program.
Act as a primary subject matter expert, resource, and liaison for government security regulatory agencies; work closely with various corporate sectors (Finance, Human Resources, Legal, Risk Management, Property Management) and the business lines to manage technological risks.
Develop training and awareness efforts for employees to establish a “culture of security” to prevent or mitigate security incidents.
Act as lead or provide technical support for major incident investigations involving security-related issues.
Participate on occasion in investigating potential fraud.
Facilitate effective, clear and consistent communications for various audiences, including Senior Management and Board of Directors, regarding the status of security issues, evolving risks and related recommendations.
Develop metrics to measure the effectiveness and efficiency of all information security programs and personnel.
Support leadership in the development and maintenance of business continuity and crisis management/incident command programs, including planning and conducting simulations.
Maintain an understanding of the current vulnerabilities, response, and mitigation strategies used in cyber security operations.
Monitor and stay current with cyber security threats and related proven practices and technology, namely by overseeing the establishment and maintenance of a large network of contacts in the field.
WHAT WE ARE LOOKING FOR
Bachelor’s or Master’s degree in Information Systems Management, Computer Science, Engineering or equivalent.
Minimum of ten years of progressive responsibilities in information security program management or related experience in risk/security management, with three to five years of applied leadership experience overseeing security initiatives and solutions in a large company.
Practical experience with Emergency Preparedness, Critical Incident Management, Business Continuity and Disaster Recovery principles and program development.
Experience working in nuanced 3 Lines of Defense environments, notably in leading a 1B function and managing interactions with Enterprise Risk Management and Audit partners.
The candidate must demonstrate great adaptability and be able to quickly adjust to frequent and unforeseen changes in a dynamic environment.
Experience developing corporate and cloud security programs in an agile approach.
An exceptional understanding of comprehensive security programs, including technologies and tools.
Strong technical competence with a strong interest in being hands-on.
Demonstrated ability to work in a collaborative environment and influence others to ensure adequacy of IT operational risk mitigation efforts.
Exceptional cross-functional team leadership.
Ability to develop and maintain highly effective relationships, internally and externally.
Strong critical thinking and analytical skills; demonstrated ability to identify risks associated with business processes, IT operations, information security programs, and technology projects.
Ability to handle the stress related to balancing multiple issues and perspectives.
Comfortable leading and initiating change, consciously managing and shaping change; flexible and able to multi-task in a fast-paced environment.
Dedication to client service and to delivering timely and high-quality results.
Drive to constantly improve processes.
Continuous improvement/learning mindset.
Proven record in applying judgment to create and sustain the right level of urgency, anticipating and/or preventing impacts to the organization.
Excellent written and verbal communication skills in both French and English, including presentations, and ability to interact effectively with people at all levels of the company, from technical teams to members of Senior Management.
Knowledge of the financial sector is an asset.
Certification in one of the following is an asset: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Project Management Professional (PMP), ITIL v3/2011, Six Sigma or lean management, or equivalent work experience.
Job posting period
Until 2024-08-30 at 00:00